You would think that if you hear about a data breach within a company you have an account with, you would be quickly inclined to go to that website and change your password, and even your username if possible.

Not so fast, says a new study published by researchers from Carnegie Mellon University’s Security and Privacy Institute. The information they presented at the 2020 IEEE Workshop on Technology and Consumer Protection says otherwise.

The study they presented was based on the browser histories collected from 249 participants who volunteered their information between January 2017 and December 2018, for the purpose of the research.

Only 33% of the participants changed their passwords after a data breach of their accounts. Even more concerning is that they only used a different variation of their old password.

Though the study is quite small and limited in scope, it just goes to show that the majority of people don’t necessarily take data breaches seriously. Their mindset may be “well this won’t effect me.”

Companies need to spend more time educating their consumers about the seriousness and consequences of such data breaches and attacks.